Enter the Custom Application Name and Description. Enter Redirect-URL where you would like to receive the response. If you want to use miniOrange URL, use this: https://auth.miniorange.com/moas/jwt/mobile

Click on Save.

Click on Download Certificate link against the application you just added. This will be required for verifying the response.

Click on Edit link against the App you just created. Save/Note down the App Secret. This will be required for sending the authentication request to miniOrange.

Step 4: Integrate in your Python App

You will need to redirect user to one of our endpoint through an InAppBrowser(Mobile-application) / Browser(Web-Application) along with an encrypted token string in a specific format.

miniOrange service will verify the token and if valid, redirects user to ADFS login page.

Once the user is signed in, ADFS sends a SAML Assertion to miniOrange.

Creating the Request token:
The request token must be in the following format:{Current_Timestamp_In_Milliseconds}:{App_Secret}
For example:1454392823570:abcdefghijklmnopNOTE: Each Token is valid for 60 seconds.

When the token is created, you will need to encrypt the token value using the Customer Token Key. Use the following method to encrypt the token:
Encryption method: AES
Operation Mode: ECB
Padding Scheme: PKCS5 Padding

If the Customer Token Key used to encrypt the above token is: klmnopqrstuvwxyz
The encrypted value for the above mentioned token should be:PJm8sn7Q1BYjdu7nXLAoATJOwuCecSxFeEz2MJzQShc=

Once the encrypted token is created, URL encode the encrypted token and append it to the miniOrange endpoint and redirect the user. Here is the final URL where you should redirect the user: https://auth.miniorange.com/moas/broker/login/jwt/{YOUR_CUSTOMER_KEY}?token=PJm8sn7Q1BYjdu7nXLAoATJOwuCecSxFeEz2MJzQShc%3D
Replace {YOUR_CUSTOMER_KEY} with the Customer Key you have.

Receiving and Verifying the JWT token
The JWT token can be found in Query String Parameter id_token.
For Example, in Java you can get the JWT token like this:
String jwtToken = request.getParameter("id_token");

The information contained in this website is for general information purposes only. The information is provided by miniOrange Inc., and while we endeavor to keep the information up to date and correct, we make no representations or warranties of any kind, express or implied, about the completeness, accuracy, reliability, suitability or availability with respect to the website or the information, products, services, or related graphics contained on the website for any purpose. Any reliance you place on such information is therefore strictly at your own risk.

In no event will we be liable for any loss or damage including without limitation, indirect or consequential loss or damage, or any loss or damage whatsoever arising from loss of data or profits arising out of, or in connection with, the use of this website.

Through this website you are able to link to other websites which are not under the control of miniOrange Inc. We have no control over the nature, content and availability of those sites. The inclusion of any links does not necessarily imply a recommendation or endorse the views expressed within them.

Every effort is made to keep the website up and running smoothly. However, miniOrange Inc. takes no responsibility for, and will not be liable for, the website being temporarily unavailable due to technical issues beyond our control.